package com.azure.security.keyvault.keys.cryptography.implementation;

import com.azure.core.util.Context;
import com.azure.security.keyvault.keys.cryptography.models.DecryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.SignResult;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult;
import com.azure.security.keyvault.keys.cryptography.models.VerifyResult;
import com.azure.security.keyvault.keys.cryptography.models.WrapResult;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import com.azure.security.keyvault.keys.models.KeyOperation;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Objects;
import reactor.core.publisher.Mono;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/azure/security/keyvault/keys/cryptography/implementation/EcKeyCryptographyClient.class */
public class EcKeyCryptographyClient extends LocalKeyCryptographyClient {
    private final KeyPair ecKeyPair;
    private final Provider provider;

    /* JADX INFO: Access modifiers changed from: package-private */
    public EcKeyCryptographyClient(JsonWebKey jsonWebKey, CryptographyClientImpl cryptographyClientImpl) {
        super(jsonWebKey, cryptographyClientImpl);
        this.provider = Security.getProvider("SunEC");
        this.ecKeyPair = jsonWebKey.toEc(jsonWebKey.hasPrivateKey(), this.provider);
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<EncryptResult> encryptAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context) {
        throw new UnsupportedOperationException("The encrypt operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public EncryptResult encrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context) {
        throw new UnsupportedOperationException("The encrypt operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<EncryptResult> encryptAsync(EncryptParameters encryptParameters, Context context) {
        throw new UnsupportedOperationException("The encrypt operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public EncryptResult encrypt(EncryptParameters encryptParameters, Context context) {
        throw new UnsupportedOperationException("The encrypt operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<DecryptResult> decryptAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context) {
        throw new UnsupportedOperationException("The decrypt operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public DecryptResult decrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context) {
        throw new UnsupportedOperationException("The decrypt operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<DecryptResult> decryptAsync(DecryptParameters decryptParameters, Context context) {
        throw new UnsupportedOperationException("The decrypt operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public DecryptResult decrypt(DecryptParameters decryptParameters, Context context) {
        throw new UnsupportedOperationException("The decrypt operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<SignResult> signAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        Objects.requireNonNull(signatureAlgorithm, "Signature algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Digest content cannot be null.");
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(signatureAlgorithm.toString());
        if (algorithm == null) {
            if (this.implClient != null) {
                return this.implClient.signAsync(signatureAlgorithm, bArr, context);
            }
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        if (!(algorithm instanceof AsymmetricSignatureAlgorithm)) {
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        if (this.ecKeyPair.getPrivate() == null) {
            if (this.implClient != null) {
                return this.implClient.signAsync(signatureAlgorithm, bArr, context);
            }
            throw new IllegalArgumentException("The private portion of the key is not locally available to perform the sign operation.");
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.SIGN);
        if (!(algorithm instanceof Ecdsa)) {
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        ISignatureTransform createSignatureTransform = ((Ecdsa) algorithm).createSignatureTransform(this.ecKeyPair, this.provider);
        return Mono.fromCallable(() -> {
            return new SignResult(createSignatureTransform.sign(bArr), signatureAlgorithm, this.jsonWebKey.getId());
        });
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public SignResult sign(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        Objects.requireNonNull(signatureAlgorithm, "Signature algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Digest content cannot be null.");
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(signatureAlgorithm.toString());
        if (algorithm == null) {
            if (this.implClient != null) {
                return this.implClient.sign(signatureAlgorithm, bArr, context);
            }
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        if (!(algorithm instanceof AsymmetricSignatureAlgorithm)) {
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        if (this.ecKeyPair.getPrivate() == null) {
            if (this.implClient != null) {
                return this.implClient.sign(signatureAlgorithm, bArr, context);
            }
            throw new IllegalArgumentException("The private portion of the key is not locally available to perform the sign operation.");
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.SIGN);
        if (!(algorithm instanceof Ecdsa)) {
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        try {
            return new SignResult(((Ecdsa) algorithm).createSignatureTransform(this.ecKeyPair, this.provider).sign(bArr), signatureAlgorithm, this.jsonWebKey.getId());
        } catch (Exception e) {
            if (e instanceof RuntimeException) {
                throw ((RuntimeException) e);
            }
            throw new RuntimeException(e);
        }
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<VerifyResult> verifyAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        Objects.requireNonNull(signatureAlgorithm, "Signature algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Digest content cannot be null.");
        Objects.requireNonNull(bArr2, "Signature to be verified cannot be null.");
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(signatureAlgorithm.toString());
        if (algorithm == null) {
            if (this.implClient != null) {
                return this.implClient.verifyAsync(signatureAlgorithm, bArr, bArr2, context);
            }
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        if (!(algorithm instanceof AsymmetricSignatureAlgorithm)) {
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        if (this.ecKeyPair.getPublic() == null) {
            if (this.implClient != null) {
                return this.implClient.verifyAsync(signatureAlgorithm, bArr, bArr2, context);
            }
            throw new IllegalArgumentException("The public portion of the key is not locally available to perform the verify operation.");
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.VERIFY);
        if (!(algorithm instanceof Ecdsa)) {
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        ISignatureTransform createSignatureTransform = ((Ecdsa) algorithm).createSignatureTransform(this.ecKeyPair, this.provider);
        return Mono.fromCallable(() -> {
            return new VerifyResult(Boolean.valueOf(createSignatureTransform.verify(bArr, bArr2)), signatureAlgorithm, this.jsonWebKey.getId());
        });
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public VerifyResult verify(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        Objects.requireNonNull(signatureAlgorithm, "Signature algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Digest content cannot be null.");
        Objects.requireNonNull(bArr2, "Signature to be verified cannot be null.");
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(signatureAlgorithm.toString());
        if (algorithm == null) {
            if (this.implClient != null) {
                return this.implClient.verify(signatureAlgorithm, bArr, bArr2, context);
            }
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        if (!(algorithm instanceof AsymmetricSignatureAlgorithm)) {
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        if (this.ecKeyPair.getPublic() == null) {
            if (this.implClient != null) {
                return this.implClient.verify(signatureAlgorithm, bArr, bArr2, context);
            }
            throw new IllegalArgumentException("The public portion of the key is not locally available to perform the verify operation.");
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.VERIFY);
        if (!(algorithm instanceof Ecdsa)) {
            throw new RuntimeException(new NoSuchAlgorithmException(signatureAlgorithm.toString()));
        }
        try {
            return new VerifyResult(Boolean.valueOf(((Ecdsa) algorithm).createSignatureTransform(this.ecKeyPair, this.provider).verify(bArr, bArr2)), signatureAlgorithm, this.jsonWebKey.getId());
        } catch (Exception e) {
            if (e instanceof RuntimeException) {
                throw ((RuntimeException) e);
            }
            throw new RuntimeException(e);
        }
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<WrapResult> wrapKeyAsync(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        throw new UnsupportedOperationException("The key wrap operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public WrapResult wrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        throw new UnsupportedOperationException("The key wrap operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<UnwrapResult> unwrapKeyAsync(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        throw new UnsupportedOperationException("The key unwrap operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public UnwrapResult unwrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        throw new UnsupportedOperationException("The key unwrap operation is not supported for EC keys.");
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<SignResult> signDataAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        try {
            return signAsync(signatureAlgorithm, calculateDigest(signatureAlgorithm, bArr), context);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public SignResult signData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        try {
            return sign(signatureAlgorithm, calculateDigest(signatureAlgorithm, bArr), context);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public Mono<VerifyResult> verifyDataAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        try {
            return verifyAsync(signatureAlgorithm, calculateDigest(signatureAlgorithm, bArr), bArr2, context);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.azure.security.keyvault.keys.cryptography.implementation.LocalKeyCryptographyClient
    public VerifyResult verifyData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        try {
            return verify(signatureAlgorithm, calculateDigest(signatureAlgorithm, bArr), bArr2, context);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private static byte[] calculateDigest(SignatureAlgorithm signatureAlgorithm, byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(SignatureHashResolver.DEFAULT.get(signatureAlgorithm).toString());
        messageDigest.update(bArr);
        return messageDigest.digest();
    }
}
